The Health Insurance Portability and Accountability Act (“HIPAA”) provides federal protections for personal medical information held by covered entities and gives patients an array of rights with respect to that information. For example, HIPAA requires that appropriate administrative, technical and physical safeguards must be in place to protect the privacy of patient information (e.g., medical records, patient names, social security numbers, etc.). For example, a medical facility, such as a doctor's office or clinic, must ensure that only authorized personnel have access to electronic data representative of patient information.
However, when a medical software application has access to a number of patient files, it will often display a list of patient names on a display screen from which an authorized user (e.g., a hospital staff member) may select a particular patient's name to access patient information corresponding to the patient. However, if the patient happens to be looking at the display screen while the authorized user accesses the patient information, the patient may see the list of patient names. If this happens, HIPAA laws are violated.